package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Prepared (precompiled) statements
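/**
 * Demonstrates a login lookup that uses a {@link PreparedStatement} with bound parameters.
 *
 * <p>The SQL text is fixed and both values are supplied through {@code ?} placeholders. The
 * second value bound below contains quote characters and an {@code or} clause; because it is
 * bound as a parameter, it is handed to the database as data to compare against the
 * {@code password} column and is not parsed as part of the SQL statement.
 *
 * <p>NOTE(review): the query compares the {@code password} column directly with the supplied
 * value, so the table presumably stores passwords in a directly comparable form. A production
 * login would store a salted password hash (bcrypt/scrypt/argon2) and verify it in application
 * code instead.
 */
public class JDBCDemo8 {
    /**
     * Runs the lookup once and prints whether a matching row was found.
     *
     * <p>The connection comes from {@code DBUtil.getConnection()}, which is defined elsewhere in
     * this package.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Only the column that is displayed is selected, so the stored password is never
        // fetched into the application.
        String sql = "select username from user where username = ? " +
                "and password = ?";
        // The connection and statement are both declared as resources so they are closed even
        // when binding or execution throws.
        try (Connection conn = DBUtil.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "12");
            // Injection-style input: bound as a plain string, it can only match a row whose
            // password column holds exactly this text.
            ps.setString(2, "a' or '1'='1");
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    // "登录成功" = "login succeeded". The password is deliberately not echoed:
                    // credentials should not end up in console output or logs.
                    System.out.println(rs.getString("username") + " 登录成功");
                } else {
                    // "登录失败" = "login failed".
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo-level error handling: dump the failure to stderr.
            e.printStackTrace();
        }
    }
}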
